mirror of
https://github.com/dokku/dokku.git
synced 2025-12-16 12:07:45 +01:00
dac566e75e
This makes standard use of shellcheck work without needing to provide extra configuration anywhere. Also remove use of inline 'shellcheck disable' calls that are already defined in the .shellcheckrc and don't need to be set inline.
510 lines
19 KiB
Bash
Executable File
510 lines
19 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -eo pipefail
|
|
[[ $DOKKU_TRACE ]] && set -x
|
|
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
|
|
source "$PLUGIN_AVAILABLE_PATH/certs/functions"
|
|
source "$PLUGIN_AVAILABLE_PATH/config/functions"
|
|
source "$PLUGIN_AVAILABLE_PATH/nginx-vhosts/internal-functions"
|
|
|
|
fn-nginx-log-root() {
|
|
declare desc="get the nginx log root"
|
|
local NGINX_LOG_ROOT="/var/log/nginx"
|
|
fn-nginx-vhosts-uses-openresty && NGINX_LOG_ROOT="/var/log/openresty"
|
|
echo "$NGINX_LOG_ROOT"
|
|
}
|
|
|
|
fn-nginx-access-log-format() {
|
|
declare desc="get the configured access log format"
|
|
declare APP="$1"
|
|
|
|
fn-plugin-property-get-default "nginx" "$APP" "access-log-format" ""
|
|
}
|
|
|
|
fn-nginx-access-log-path() {
|
|
declare desc="get the configured access log path"
|
|
declare APP="$1"
|
|
local NGINX_LOG_ROOT="$(fn-nginx-log-root)"
|
|
|
|
fn-plugin-property-get-default "nginx" "$APP" "access-log-path" "${NGINX_LOG_ROOT}/${APP}-access.log"
|
|
}
|
|
|
|
fn-nginx-proxy-buffer-size() {
|
|
declare desc="get the configured proxy buffer size"
|
|
declare APP="$1"
|
|
|
|
fn-plugin-property-get-default "nginx" "$APP" "proxy-buffer-size" "$(fn-get-pagesize)"
|
|
}
|
|
|
|
fn-nginx-proxy-buffering() {
|
|
declare desc="get the configured proxy buffering"
|
|
declare APP="$1"
|
|
|
|
fn-plugin-property-get-default "nginx" "$APP" "proxy-buffering" "on"
|
|
}
|
|
|
|
fn-nginx-proxy-buffers() {
|
|
declare desc="get the configured proxy buffers"
|
|
declare APP="$1"
|
|
|
|
fn-plugin-property-get-default "nginx" "$APP" "proxy-buffers" "8 $(fn-get-pagesize)"
|
|
}
|
|
|
|
fn-nginx-proxy-busy-buffers-size() {
|
|
declare desc="get the configured proxy busy buffers size"
|
|
declare APP="$1"
|
|
|
|
fn-plugin-property-get-default "nginx" "$APP" "proxy-busy-buffers-size" "$(($(fn-get-pagesize) * 2))"
|
|
}
|
|
|
|
fn-nginx-proxy-read-timeout() {
|
|
declare desc="get the configured proxy read timeout"
|
|
declare APP="$1"
|
|
|
|
fn-plugin-property-get-default "nginx" "$APP" "proxy-read-timeout" "60s"
|
|
}
|
|
|
|
fn-nginx-client-max-body-size() {
|
|
declare desc="get the configured client max body size"
|
|
declare APP="$1"
|
|
|
|
fn-plugin-property-get-default "nginx" "$APP" "client-max-body-size" ""
|
|
}
|
|
|
|
fn-nginx-error-log-path() {
|
|
declare desc="get the configured access log path"
|
|
declare APP="$1"
|
|
local NGINX_LOG_ROOT="$(fn-nginx-log-root)"
|
|
|
|
fn-plugin-property-get-default "nginx" "$APP" "error-log-path" "${NGINX_LOG_ROOT}/${APP}-error.log"
|
|
}
|
|
|
|
get_nginx_location() {
|
|
declare desc="check that nginx is at the expected location and return it"
|
|
fn-nginx-vhosts-nginx-location
|
|
}
|
|
|
|
validate_nginx() {
|
|
declare desc="validate entire nginx config"
|
|
declare APP="${1:-}" FLAG="${2:-}"
|
|
local NGINX_LOCATION EXIT_CODE
|
|
NGINX_LOCATION=$(get_nginx_location)
|
|
if [[ -z "$NGINX_LOCATION" ]]; then
|
|
exit 1
|
|
fi
|
|
|
|
if [[ "$APP" == "--clean" ]]; then
|
|
APP=""
|
|
FLAG="--clean"
|
|
fi
|
|
|
|
set +e
|
|
sudo "$NGINX_LOCATION" -t >/dev/null 2>&1
|
|
EXIT_CODE=$?
|
|
set -e
|
|
if [[ "$EXIT_CODE" -eq "0" ]]; then
|
|
return
|
|
fi
|
|
|
|
if [[ -n "$APP" ]]; then
|
|
verify_app_name "$APP"
|
|
nginx_vhosts_validate_single_func "$APP" "$FLAG"
|
|
else
|
|
for app in $(dokku_apps "false"); do
|
|
nginx_vhosts_validate_single_func "$app" "$FLAG"
|
|
done
|
|
fi
|
|
|
|
set +e
|
|
sudo "$NGINX_LOCATION" -t >/dev/null 2>&1
|
|
EXIT_CODE=$?
|
|
set -e
|
|
if [[ "$EXIT_CODE" -eq "0" ]]; then
|
|
return
|
|
fi
|
|
|
|
sudo "$NGINX_LOCATION" -t
|
|
exit $?
|
|
}
|
|
|
|
restart_nginx() {
|
|
declare desc="restart nginx for given distros"
|
|
local PROXY_ENABLED="$(plugn trigger proxy-is-enabled "$APP")"
|
|
local PROXY_TYPE="$(plugn trigger proxy-type "$APP")"
|
|
if [[ "$PROXY_ENABLED" == "true" ]] && [[ "$PROXY_TYPE" == "nginx" ]]; then
|
|
fn-nginx-vhosts-nginx-init-cmd "reload"
|
|
fi
|
|
}
|
|
|
|
nginx_logs() {
|
|
declare desc="display app nginx logs"
|
|
declare NGINX_LOGS_TYPE="${1#nginx:}" APP="$2"
|
|
|
|
local NGINX_LOGS_TYPE=${NGINX_LOGS_TYPE%-logs}
|
|
local NGINX_LOGS_PATH="$("fn-nginx-${NGINX_LOGS_TYPE}-log-path" "$APP")"
|
|
|
|
if [[ "$NGINX_LOGS_PATH" == "off" ]] || [[ "$NGINX_LOGS_PATH" == "/dev/null" ]]; then
|
|
dokku_log_fail "$NGINX_LOGS_TYPE logs are disabled for this app"
|
|
fi
|
|
|
|
if [[ $3 == "-t" ]]; then
|
|
local NGINX_LOGS_ARGS="-F"
|
|
else
|
|
local NGINX_LOGS_ARGS="-n 20"
|
|
fi
|
|
|
|
tail "$NGINX_LOGS_ARGS" "$NGINX_LOGS_PATH"
|
|
}
|
|
|
|
validate_ssl_domains() {
|
|
declare desc="check configured domains against SSL cert contents and show warning if mismatched"
|
|
local APP=$1
|
|
local VHOST_PATH="$DOKKU_ROOT/$APP/VHOST"
|
|
local SSL_HOSTNAME=$(get_ssl_hostnames "$APP")
|
|
local SSL_HOSTNAME_REGEX=$(echo "$SSL_HOSTNAME" | xargs | sed 's|\.|\\.|g' | sed 's/\*/\[^\.\]\*/g' | sed 's/ /|/g')
|
|
|
|
if ! (grep -q -E "^${SSL_HOSTNAME_REGEX}$" "$VHOST_PATH" &>/dev/null); then
|
|
dokku_log_info1 "No matching configured domains for $APP found in SSL certificate. Your app will show as insecure in a browser if accessed via SSL"
|
|
dokku_log_info1 "Please add appropriate domains via the dokku domains command"
|
|
[[ -n "$NONSSL_VHOSTS" ]] && dokku_log_info1 "Configured domains for app:"
|
|
local domain
|
|
for domain in $(echo "$NONSSL_VHOSTS" | xargs); do
|
|
dokku_log_info2 "$domain"
|
|
done
|
|
[[ -n "$SSL_HOSTNAME" ]] && dokku_log_info1 "Domains found in SSL certificate:"
|
|
for domain in $(echo "$SSL_HOSTNAME" | xargs); do
|
|
dokku_log_info2 "$domain"
|
|
done
|
|
fi
|
|
}
|
|
|
|
get_custom_nginx_template() {
|
|
declare desc="attempts to copy custom nginx template from app image"
|
|
local APP="$1"
|
|
local DESTINATION_FILE="$2"
|
|
local IMAGE_TAG="$(get_running_image_tag "$APP")"
|
|
local IMAGE=$(get_deploying_app_image_name "$APP" "$IMAGE_TAG")
|
|
local NGINX_TEMPLATE_NAME="nginx.conf.sigil"
|
|
local DISABLE_CUSTOM_CONFIG="$(fn-plugin-property-get-default "nginx" "$APP" "disable-custom-config" "false")"
|
|
|
|
if [[ "$DISABLE_CUSTOM_CONFIG" == "true" ]]; then
|
|
return
|
|
fi
|
|
|
|
if [[ -f "${DOKKU_LIB_ROOT}/data/nginx-vhosts/app-$APP/nginx.conf.sigil.$DOKKU_PID.missing" ]]; then
|
|
return
|
|
fi
|
|
|
|
if [[ -f "${DOKKU_LIB_ROOT}/data/nginx-vhosts/app-$APP/nginx.conf.sigil.$DOKKU_PID" ]]; then
|
|
cp "${DOKKU_LIB_ROOT}/data/nginx-vhosts/app-$APP/nginx.conf.sigil.$DOKKU_PID" "$DESTINATION_FILE"
|
|
elif [[ -f "${DOKKU_LIB_ROOT}/data/nginx-vhosts/app-$APP/nginx.conf.sigil" ]]; then
|
|
cp "${DOKKU_LIB_ROOT}/data/nginx-vhosts/app-$APP/nginx.conf.sigil" "$DESTINATION_FILE"
|
|
fi
|
|
}
|
|
|
|
is_tls13_available() {
|
|
declare desc="detects whether the installed nginx version has TLSv1.3 support"
|
|
local NGINX_VERSION="$1"
|
|
local MAJOR_VERSION MINOR_VERSION PATCH_VERSION
|
|
local HAS_SUPPORT=false
|
|
|
|
MAJOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[1]}')
|
|
MINOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[2]}')
|
|
PATCH_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[3]}')
|
|
if [[ "$MAJOR_VERSION" -ge "2" ]]; then
|
|
HAS_SUPPORT=true
|
|
elif [[ "$MAJOR_VERSION" -eq "1" ]] && [[ "$MINOR_VERSION" -ge "13" ]]; then
|
|
HAS_SUPPORT=true
|
|
fi
|
|
|
|
echo $HAS_SUPPORT
|
|
}
|
|
|
|
is_http2_push_enabled() {
|
|
declare desc="detects whether the installed nginx version has http2 push support"
|
|
local NGINX_VERSION="$1"
|
|
local MAJOR_VERSION MINOR_VERSION PATCH_VERSION
|
|
local HAS_SUPPORT=false
|
|
|
|
MAJOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[1]}')
|
|
MINOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[2]}')
|
|
PATCH_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[3]}')
|
|
if [[ "$MAJOR_VERSION" -ge "2" ]]; then
|
|
HAS_SUPPORT=true
|
|
elif [[ "$MAJOR_VERSION" -eq "1" ]]; then
|
|
if [[ "$MINOR_VERSION" -eq "13" ]] && [[ "$PATCH_VERSION" -ge "9" ]]; then
|
|
HAS_SUPPORT=true
|
|
elif [[ "$MINOR_VERSION" -ge "14" ]]; then
|
|
HAS_SUPPORT=true
|
|
fi
|
|
fi
|
|
|
|
echo $HAS_SUPPORT
|
|
}
|
|
|
|
is_http2_enabled() {
|
|
declare desc="detects whether the installed nginx version has http2 support"
|
|
local NGINX_VERSION="$1"
|
|
local MAJOR_VERSION MINOR_VERSION PATCH_VERSION
|
|
local HAS_SUPPORT=false
|
|
|
|
MAJOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[1]}')
|
|
MINOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[2]}')
|
|
PATCH_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[3]}')
|
|
if [[ "$MAJOR_VERSION" -ge "2" ]]; then
|
|
HAS_SUPPORT=true
|
|
elif [[ "$MAJOR_VERSION" -eq "1" ]]; then
|
|
if [[ "$MINOR_VERSION" -eq "11" ]] && [[ "$PATCH_VERSION" -ge "5" ]]; then
|
|
HAS_SUPPORT=true
|
|
elif [[ "$MINOR_VERSION" -ge "12" ]]; then
|
|
HAS_SUPPORT=true
|
|
fi
|
|
fi
|
|
|
|
echo $HAS_SUPPORT
|
|
}
|
|
|
|
is_grpc_enabled() {
|
|
declare desc="detects whether the installed nginx version has grpc support"
|
|
local NGINX_VERSION="$1"
|
|
local MAJOR_VERSION MINOR_VERSION PATCH_VERSION
|
|
local HAS_SUPPORT=false
|
|
|
|
MAJOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[1]}')
|
|
MINOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[2]}')
|
|
PATCH_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[3]}')
|
|
if [[ "$MAJOR_VERSION" -ge "2" ]]; then
|
|
HAS_SUPPORT=true
|
|
elif [[ "$MAJOR_VERSION" -eq "1" ]]; then
|
|
if [[ "$MINOR_VERSION" -eq "13" ]] && [[ "$PATCH_VERSION" -ge "10" ]]; then
|
|
HAS_SUPPORT=true
|
|
elif [[ "$MINOR_VERSION" -ge "14" ]]; then
|
|
HAS_SUPPORT=true
|
|
fi
|
|
fi
|
|
|
|
echo $HAS_SUPPORT
|
|
}
|
|
|
|
nginx_build_config() {
|
|
declare desc="build nginx config to proxy app containers using sigil"
|
|
declare APP="$1" DOKKU_APP_LISTEN_PORT="$2" DOKKU_APP_LISTEN_IP="$3"
|
|
local VHOST_PATH="$DOKKU_ROOT/$APP/VHOST"
|
|
local NGINX_TEMPLATE_NAME="nginx.conf.sigil"
|
|
local NGINX_TEMPLATE="$PLUGIN_AVAILABLE_PATH/nginx-vhosts/templates/$NGINX_TEMPLATE_NAME"
|
|
local SCHEME=http
|
|
local NGINX_TEMPLATE_SOURCE="built-in"
|
|
local APP_SSL_PATH="$DOKKU_ROOT/$APP/tls"
|
|
local RAW_TCP_PORTS="$(get_app_raw_tcp_ports "$APP")"
|
|
local DOKKU_APP_LISTENERS
|
|
|
|
CUSTOM_NGINX_TEMPLATE="$(plugn trigger nginx-app-template-source "$APP" "app-config")"
|
|
if [[ -n "$CUSTOM_NGINX_TEMPLATE" ]]; then
|
|
NGINX_TEMPLATE="$CUSTOM_NGINX_TEMPLATE"
|
|
fi
|
|
|
|
local IS_APP_VHOST_ENABLED=true
|
|
plugn trigger domains-vhost-enabled "$APP" 2>/dev/null || IS_APP_VHOST_ENABLED=false
|
|
|
|
local IS_SSL_ENABLED=false
|
|
if [[ "$(plugn trigger certs-exists "$APP")" == "true" ]]; then
|
|
IS_SSL_ENABLED=true
|
|
fi
|
|
|
|
if [[ "$(plugn trigger proxy-is-enabled "$APP")" == "true" ]]; then
|
|
if [[ -z "$DOKKU_APP_LISTEN_PORT" ]] && [[ -z "$DOKKU_APP_LISTEN_IP" ]]; then
|
|
DOKKU_APP_LISTENERS="$(plugn trigger network-get-listeners "$APP" "web" | xargs)"
|
|
elif [[ -n "$DOKKU_APP_LISTEN_PORT" ]] && [[ -n "$DOKKU_APP_LISTEN_IP" ]]; then
|
|
local PASSED_LISTEN_IP_PORT=true
|
|
fi
|
|
|
|
# setup nginx listen ports
|
|
plugn trigger proxy-configure-ports "$APP"
|
|
local PROXY_PORT=$(config_get "$APP" DOKKU_PROXY_PORT)
|
|
local PROXY_SSL_PORT=$(config_get "$APP" DOKKU_PROXY_SSL_PORT)
|
|
local PROXY_PORT_MAP=$(config_get "$APP" DOKKU_PROXY_PORT_MAP)
|
|
|
|
local PORT_MAP proxy_port_map
|
|
for PORT_MAP in $PROXY_PORT_MAP; do
|
|
local PROXY_UPSTREAM_SCHEME="$(awk -F ':' '{ print $1 }' <<<"$PORT_MAP")"
|
|
if [[ "$PROXY_UPSTREAM_SCHEME" == "https" ]] && [[ "$IS_SSL_ENABLED" == "false" ]]; then
|
|
dokku_log_warn "Ignoring detected https port mapping without an accompanying ssl certificate (${PORT_MAP})"
|
|
continue
|
|
fi
|
|
|
|
proxy_port_map="$proxy_port_map $PORT_MAP"
|
|
|
|
local PROXY_UPSTREAM_PORT="$(awk -F ':' '{ print $3 }' <<<"$PORT_MAP")"
|
|
if [[ "$(is_val_in_list "$PROXY_UPSTREAM_PORT" "$PROXY_UPSTREAM_PORTS" " ")" == "false" ]]; then
|
|
local PROXY_UPSTREAM_PORTS+="$PROXY_UPSTREAM_PORT "
|
|
fi
|
|
done
|
|
PROXY_PORT_MAP="$proxy_port_map"
|
|
local PROXY_UPSTREAM_PORTS="$(echo "$PROXY_UPSTREAM_PORTS" | xargs)"
|
|
|
|
local SSL_INUSE=
|
|
local NONSSL_VHOSTS=$(plugn trigger domains-list "$APP")
|
|
local NOSSL_SERVER_NAME=$(echo "$NONSSL_VHOSTS" | xargs)
|
|
if [[ "$IS_SSL_ENABLED" == "true" ]]; then
|
|
local SSL_INUSE=true
|
|
local SCHEME=https
|
|
validate_ssl_domains "$APP"
|
|
local SSL_HOSTNAME=$(get_ssl_hostnames "$APP")
|
|
local SSL_HOSTNAME_REGEX=$(echo "$SSL_HOSTNAME" | xargs | sed 's|\.|\\.|g' | sed 's/\*/\[^\.\]\*/g' | sed 's/ /|/g')
|
|
|
|
if [[ "$IS_APP_VHOST_ENABLED" == "true" ]]; then
|
|
local SSL_VHOSTS=$(grep -E "^${SSL_HOSTNAME_REGEX}$" "$VHOST_PATH" || true)
|
|
else
|
|
local SSL_VHOSTS=$(<"$DOKKU_ROOT/VHOST")
|
|
fi
|
|
local SSL_SERVER_NAME
|
|
local host
|
|
for host in $SSL_VHOSTS; do
|
|
# SSL_SERVER_NAME should only contain items not in NOSSL_SERVER_NAME
|
|
if [[ ! $NOSSL_SERVER_NAME =~ (^|[[:space:]])$host($|[[:space:]]) ]]; then
|
|
SSL_SERVER_NAME="${host}${SSL_SERVER_NAME:+ $SSL_SERVER_NAME}"
|
|
fi
|
|
done
|
|
fi
|
|
|
|
local NGINX_LOCATION NGINX_VERSION SPDY_SUPPORTED TLS13_SUPPORTED HTTP2_SUPPORTED HTTP2_PUSH_SUPPORTED GRPC_SUPPORTED
|
|
NGINX_LOCATION=$(get_nginx_location)
|
|
if [[ -z "$NGINX_LOCATION" ]]; then
|
|
exit 1
|
|
fi
|
|
NGINX_VERSION="$("$NGINX_LOCATION" -v 2>&1 | cut -d'/' -f 2)"
|
|
# DEPRECATED: Remove me at 1.0.0
|
|
SPDY_SUPPORTED="false"
|
|
TLS13_SUPPORTED="$(is_tls13_available "$NGINX_VERSION")"
|
|
HTTP2_SUPPORTED="$(is_http2_enabled "$NGINX_VERSION")"
|
|
HTTP2_PUSH_SUPPORTED="$(is_http2_push_enabled "$NGINX_VERSION")"
|
|
GRPC_SUPPORTED="$(is_grpc_enabled "$NGINX_VERSION")"
|
|
|
|
PROXY_PORT_MAP=$(echo "$PROXY_PORT_MAP" | xargs) # trailing spaces mess up default template
|
|
|
|
local NGINX_LOG_ROOT="$(fn-nginx-log-root)"
|
|
local NGINX_ACCESS_LOG_FORMAT="$(fn-nginx-access-log-format "$APP")"
|
|
local NGINX_ACCESS_LOG_PATH="$(fn-nginx-access-log-path "$APP")"
|
|
local NGINX_ERROR_LOG_PATH="$(fn-nginx-error-log-path "$APP")"
|
|
local CLIENT_MAX_BODY_SIZE="$(fn-nginx-client-max-body-size "$APP")"
|
|
local PROXY_READ_TIMEOUT="$(fn-nginx-proxy-read-timeout "$APP")"
|
|
local PROXY_BUFFER_SIZE="$(fn-nginx-proxy-buffer-size "$APP")"
|
|
local PROXY_BUFFERING="$(fn-nginx-proxy-buffering "$APP")"
|
|
local PROXY_BUFFERS="$(fn-nginx-proxy-buffers "$APP")"
|
|
local PROXY_BUSY_BUFFERS_SIZE="$(fn-nginx-proxy-busy-buffers-size "$APP")"
|
|
|
|
if [[ -z "$DOKKU_APP_LISTENERS" ]]; then
|
|
dokku_log_warn_quiet "No web listeners specified for $APP"
|
|
elif (is_deployed "$APP"); then
|
|
if [[ "$(plugn trigger network-get-static-listeners "$APP" "web")" == "" ]]; then
|
|
local IMAGE_TAG=$(get_running_image_tag "$APP")
|
|
local IMAGE=$(get_deploying_app_image_name "$APP" "$IMAGE_TAG" 2>/dev/null)
|
|
if ! verify_image "$IMAGE" 2>/dev/null; then
|
|
dokku_log_fail "Missing image for app"
|
|
fi
|
|
fi
|
|
|
|
local NGINX_BUILD_CONFIG_TMP_WORK_DIR=$(mktemp -d "/tmp/dokku-${DOKKU_PID}-${FUNCNAME[0]}.XXXXXX")
|
|
local NGINX_CONF=$(mktemp --tmpdir="${NGINX_BUILD_CONFIG_TMP_WORK_DIR}" "nginx.conf.XXXXXX")
|
|
local CUSTOM_NGINX_TEMPLATE="$NGINX_BUILD_CONFIG_TMP_WORK_DIR/$NGINX_TEMPLATE_NAME"
|
|
trap "rm -rf '$NGINX_CONF' '$NGINX_BUILD_CONFIG_TMP_WORK_DIR' >/dev/null" RETURN INT TERM EXIT
|
|
|
|
get_custom_nginx_template "$APP" "$CUSTOM_NGINX_TEMPLATE" 2>/dev/null
|
|
if [[ -f "$CUSTOM_NGINX_TEMPLATE" ]]; then
|
|
dokku_log_info1 'Overriding default nginx.conf with detected nginx.conf.sigil'
|
|
local NGINX_TEMPLATE="$CUSTOM_NGINX_TEMPLATE"
|
|
local NGINX_TEMPLATE_SOURCE="app-supplied"
|
|
fi
|
|
|
|
local NGINX_BIND_ADDRESS_IP4="$(fn-plugin-property-get-default "nginx" "$APP" "bind-address-ipv4" "")"
|
|
local NGINX_BIND_ADDRESS_IP6="$(fn-plugin-property-get-default "nginx" "$APP" "bind-address-ipv6" "::")"
|
|
[[ -z "$NGINX_BIND_ADDRESS_IP6" ]] && NGINX_BIND_ADDRESS_IP6="::"
|
|
|
|
local PROXY_X_FORWARDED_FOR="$(fn-plugin-property-get-default "nginx" "$APP" "x-forwarded-for-value" "\$remote_addr")"
|
|
local PROXY_X_FORWARDED_PORT="$(fn-plugin-property-get-default "nginx" "$APP" "x-forwarded-port-value" "\$server_port")"
|
|
local PROXY_X_FORWARDED_PROTO="$(fn-plugin-property-get-default "nginx" "$APP" "x-forwarded-proto-value" "\$scheme")"
|
|
local PROXY_X_FORWARDED_SSL="$(fn-plugin-property-get-default "nginx" "$APP" "x-forwarded-ssl" "")"
|
|
|
|
eval "$(config_export app "$APP")"
|
|
local SIGIL_PARAMS=(-f "$NGINX_TEMPLATE" APP="$APP" DOKKU_ROOT="$DOKKU_ROOT"
|
|
NOSSL_SERVER_NAME="$NOSSL_SERVER_NAME"
|
|
# Deprecated: Remove this after a few versions
|
|
DOKKU_APP_LISTENERS="$DOKKU_APP_LISTENERS"
|
|
DOKKU_LIB_ROOT="$DOKKU_LIB_ROOT"
|
|
PASSED_LISTEN_IP_PORT="$PASSED_LISTEN_IP_PORT"
|
|
SPDY_SUPPORTED="$SPDY_SUPPORTED"
|
|
TLS13_SUPPORTED="$TLS13_SUPPORTED"
|
|
HTTP2_SUPPORTED="$HTTP2_SUPPORTED"
|
|
NGINX_LOG_ROOT="$NGINX_LOG_ROOT"
|
|
NGINX_ACCESS_LOG_FORMAT="$NGINX_ACCESS_LOG_FORMAT"
|
|
NGINX_ACCESS_LOG_PATH="$NGINX_ACCESS_LOG_PATH"
|
|
NGINX_ERROR_LOG_PATH="$NGINX_ERROR_LOG_PATH"
|
|
NGINX_BIND_ADDRESS_IP4="$NGINX_BIND_ADDRESS_IP4"
|
|
NGINX_BIND_ADDRESS_IP6="$NGINX_BIND_ADDRESS_IP6"
|
|
HTTP2_PUSH_SUPPORTED="$HTTP2_PUSH_SUPPORTED"
|
|
GRPC_SUPPORTED="$GRPC_SUPPORTED"
|
|
DOKKU_APP_LISTEN_PORT="$DOKKU_APP_LISTEN_PORT" DOKKU_APP_LISTEN_IP="$DOKKU_APP_LISTEN_IP"
|
|
APP_SSL_PATH="$APP_SSL_PATH" SSL_INUSE="$SSL_INUSE" SSL_SERVER_NAME="$SSL_SERVER_NAME"
|
|
CLIENT_MAX_BODY_SIZE="$CLIENT_MAX_BODY_SIZE"
|
|
PROXY_READ_TIMEOUT="$PROXY_READ_TIMEOUT"
|
|
PROXY_BUFFER_SIZE="$PROXY_BUFFER_SIZE"
|
|
PROXY_BUFFERING="$PROXY_BUFFERING"
|
|
PROXY_BUFFERS="$PROXY_BUFFERS"
|
|
PROXY_BUSY_BUFFERS_SIZE="$PROXY_BUSY_BUFFERS_SIZE"
|
|
# Deprecated: Remove this after a few versions
|
|
NGINX_PORT="$PROXY_PORT" NGINX_SSL_PORT="$PROXY_SSL_PORT"
|
|
PROXY_PORT="$PROXY_PORT" PROXY_SSL_PORT="$PROXY_SSL_PORT" RAW_TCP_PORTS="$RAW_TCP_PORTS"
|
|
PROXY_PORT_MAP="$PROXY_PORT_MAP" PROXY_UPSTREAM_PORTS="$PROXY_UPSTREAM_PORTS"
|
|
PROXY_X_FORWARDED_FOR="$PROXY_X_FORWARDED_FOR"
|
|
PROXY_X_FORWARDED_PORT="$PROXY_X_FORWARDED_PORT"
|
|
PROXY_X_FORWARDED_PROTO="$PROXY_X_FORWARDED_PROTO"
|
|
PROXY_X_FORWARDED_SSL="$PROXY_X_FORWARDED_SSL")
|
|
|
|
while read -r line || [[ -n "$line" ]]; do
|
|
PROC_TYPE=${line%%=*}
|
|
LISTENERS="$(plugn trigger network-get-listeners "$APP" "$PROC_TYPE" | xargs)"
|
|
UPP_PROC_TYPE="${PROC_TYPE^^}"
|
|
UPP_PROC_TYPE="${UPP_PROC_TYPE//-/_}"
|
|
SIGIL_PARAMS+=("DOKKU_APP_${UPP_PROC_TYPE}_LISTENERS=$LISTENERS")
|
|
done < <(plugn trigger ps-current-scale "$APP")
|
|
|
|
if grep DOKKU_APP_LISTENERS "$NGINX_TEMPLATE"; then
|
|
dokku_log_warn "Deprecated: Usage of DOKKU_APP_LISTENERS within nginx.conf.sigil templates is deprecated in favor of DOKKU_APP_WEB_LISTENERS"
|
|
fi
|
|
|
|
if grep NGINX_SSL_PORT "$NGINX_TEMPLATE"; then
|
|
dokku_log_warn "Deprecated: Usage of NGINX_SSL_PORT within nginx.conf.sigil templates is deprecated in favor of PROXY_SSL_PORT"
|
|
fi
|
|
|
|
if grep NGINX_PORT "$NGINX_TEMPLATE"; then
|
|
dokku_log_warn "Deprecated: Usage of NGINX_PORT within nginx.conf.sigil templates is deprecated in favor of PROXY_PORT"
|
|
fi
|
|
|
|
# execute sigil template processing
|
|
xargs -i echo "-----> Configuring {}...(using $NGINX_TEMPLATE_SOURCE template)" <<<"$(echo "${SSL_VHOSTS}" "${NONSSL_VHOSTS}" | tr ' ' '\n' | sort -u)"
|
|
sigil "${SIGIL_PARAMS[@]}" | cat -s >"$NGINX_CONF"
|
|
|
|
dokku_log_info1 "Creating $SCHEME nginx.conf"
|
|
mv "$NGINX_CONF" "$DOKKU_ROOT/$APP/nginx.conf"
|
|
|
|
fn-nginx-vhosts-manage-hsts "$APP" "$SSL_INUSE"
|
|
|
|
plugn trigger nginx-pre-reload "$APP" "$DOKKU_APP_LISTEN_PORT" "$DOKKU_APP_LISTEN_IP"
|
|
|
|
dokku_log_verbose "Reloading nginx"
|
|
validate_nginx && restart_nginx >/dev/null
|
|
fi
|
|
else
|
|
# note because this clause is long. if the proxy is disabled:
|
|
dokku_log_info1 "Nginx support is disabled for app ($APP)"
|
|
if [[ -f "$DOKKU_ROOT/$APP/nginx.conf" ]]; then
|
|
dokku_log_info1 "Deleting nginx.conf"
|
|
rm "$DOKKU_ROOT/$APP/nginx.conf"
|
|
|
|
if (is_deployed "$APP"); then
|
|
dokku_log_info1 "Reloading nginx after nginx.conf deletion"
|
|
validate_nginx && restart_nginx >/dev/null
|
|
fi
|
|
fi
|
|
fi
|
|
}
|